Topic: [ANN][XRB]Cryptocurrency's killer app: RaiBlocks micropayments - page 90. (Read 775279 times)

There's a lot of FUD going around right now, primarily sparked by Francesco Firano and now with KuCoin coming out and saying they were having a 'double-spend' issue too. I'd like to point out that Kucoin fixed this issue immediately and compensated their ledger with their own funds. They did not attempt to sweep it under the rug and the issue was not wide-spread at Kucoin whatsoever, so kudos to them.

But let's get right down to the point of this post, the tl;dr:

There is no issue with the Nano protocol nor the Nano node. There is no double spending going on. The RPC API was being used improperly.
These issues are not 'double spend' in the traditional sense. Double spend assumes someone spent the same funds twice, which would be a major problem in any cryptocurrency and is basically the primary thing that has to be defeated in any cryptocurrency. That is not what is happening, nor was it ever what happened at Bitgrail nor KuCoin. People freak out when they hear 'double spend', and for good reason, but that is NOT what has been going on.

What happened in both the Bitgrail and Kucoin situations was an improper use of the RPC API.

In the RPC, there are two ways to do things:
1. Use the account/wallet system built into the node and allow the node to do everything for you, including sending money without you ever touching a raw block
2. Keep track of your private keys yourself, store nothing in the node, and only use the node for receiving transaction notifications, reviewing the Nano ledger, and broadcasting blocks you sign yourself outside of the node. (how Nanex does it)
Option 1: why it was used, why it exists, and why it's a bad idea
Option 1 is easy, and is how things are done for most traditional coin integrations on exchanges. Nano has that option, but it was never meant to be used by large services like exchanges. It was meant so someone could build their own UI or just use the command-line. It has its own use case, but not for exchanges.

The primary issue with doing it this way is that sends are not idempotent. Idempotency means that if I were to send the request more than once, it would only perform the action once or it would effectively have the same result. In this case, all you are doing is telling the node 'send X amount to this address'. It doesn't care if you already tried doing it before. It doesn't know if you're retrying something or just sending out more funds again. Since it's not idempotent, this means that any retry code in the case of intermittent failure could possibly end up sending out a transaction more than once.

There's also a variety of other issues like not being able to have fine-tuned control over what's happening, having much more difficulty in scaling across multiple nodes, etc.

This was the method that Bitgrail and Kucoin used. As a result, if anything in the system failed or resent a message for whatever reason, it would effectively 'double withdraw'. Again, I can't state this enough, it is not an issue in the NANO protocol. This is an issue in using the nano node properly.

Option 2: the proper way of doing things
If you keep track of your private keys yourself and only use the offline signing methods, this situation becomes much more unlikely. Your transactions become idempotent.

In the Nanex database, when a withdrawal request is submitted there is a unique identifier for that withdrawal. Your funds are immediately taken out of your Nanex wallet. Only then is the request sent to the actual nano node control system. It finds one of our hot accounts with an appropriate balance, locks the account for any further transactions, and creates and signs the block for the withdrawal. This block is then stored in the database with your unique withdrawal request ID.

All of this so far has not touched the node. When the block is ready, it will be sent to one of our nodes to be broadcasted. If, for whatever reason, that fails - it can be retried again because we're sending the exact same raw, signed block to the node. No matter what, a 'double spend' cannot occur because the operation is idempotent.

At this point, the account is still locked so no further withdrawals or deposits can be made to it. Our other nodes listen on the network to ensure it was broadcasted, and once it reaches consensus the account is unlocked for further transactions and the withdrawal is considered complete.

With 10 hot accounts and an Nvidia P100 GPU node, we can process 300 transactions a minute or 5 per second without the slightest possibility of double withdrawals. If we need to scale up, we just add more nodes and hot accounts.

Nanex's design is being implemented by Kucoin now and is regarded as the 'best practice' by the core development team. edit: note that this design isn't just the idempotent transactions, it also includes how we run multiple loadbalanced nodes and have self-consensus on all transactions

BIG EDIT: This can be done from the RPC entirely as well. This isn't something that has to be implemented outside of the node. The idempotent blocks can be created using the built-in wallet system or by providing the keys yourself.

Also, because I know it will come up: the block explorer issue with improper dates being shown.
This, too, was not an issue with the network. There are no timestamps in the Nano ledger and for that matter almost no cryptocurrency has timestamps, only references to past blocks. The explorer had an issue in which some transactions never had a timestamp recorded. This issue was resolved on January 19th, and any transactions that were missing a timestamp ended up getting that date.

Francesco is trying to use this too as some evidence something is wrong with Nano. That's simply not the case, and frankly a cryptocurrency exchange handling millions of dollars a day should not be relying on a third party tool to confirm their own account data.

In conclusion..
There is no issue with Nano. There never was. All the issues Bitgrail ever ran into was of their own doing because they didn't take time to think of how to implement the node properly, just how to 'get it done'. Kucoin unfortunately fell victim to the same thing, but they made things right and fixed their issue immediately. Francesco swept it under the rug and is now attempting to FUD Nano and the core development team in an attempt to save himself.

Stay strong, nanofam.

edit:

Here's another piece I did on 'why it's not an issue with XRB'. https://www.reddit.com/r/RaiBlocks/comments/7ozfrh/im_jaydubs_the_creator_of_raiexchange_ask_me/dsdfe17/

double edit:

Since I've got the platform for this and many people are asking - the core team never endorsed Bitgrail past saying it was a place you could exchange XRB. The time where Zack said 'funds are safe' (the main thing everyone references) was never in reference to Bitgrail's solvency. Those issues happened during a time when nobody thought Bitgrail was exit scamming or that they were hacked, rather it was FUD surrounding the node and the nano protocol itself and people were worried an issue in the node could have made people lose their money.

why is it still not in coinmarketcap? the coin has been developing for more than two years

why is it still not in coinmarketcap? the coin has been developing for more than two years

why is it still not in coinmarketcap? the coin has been developing for more than two years

It's current ranking on market cap is on number 20. There you can see it listed as NANO and it is there for very long time. Before going through rebranding it was appearing there as Raiblocks under ticker of XRB. I think you are following the development nor project in mode correct that's why.

Once this turmoil is over more quickly on recovery mode will be these coins which are being depressed because of some initial coin offering projects. Here I am referring at those based on fancy whitepapers and presentations raised money. Nano has received good compliments by reputable people in recent past all that is going to work in future.

So with the crypto depression going on, what does everyone forecast as the bottom for this coin?  Are we headed back to where we started?

It's not the Nano's network that caused this. It is the NANO wallet implementation of Binance. It is not easy to integrate a decentralized ledger service into a single database system like an exchange, bugs will appear especially with new tech like Nano.

It's not the Nano's network that caused this. It is the NANO wallet implementation of Binance. It is not easy to integrate a decentralized ledger service into a single database system like an exchange, bugs will appear especially with new tech like Nano.

I got ban for saying truth on xrb so the best is to post here.

Double Deposit on Binance 14th March.

It's funny how +B reacts "There is no double spend" and don't even the read the message properly before he speaks.

https://prnt.sc/irhe44

https://prnt.sc/irhe9x

https://prnt.sc/irhegm

Image of double deposits:

1. https://imgur.com/a/TTv4P

2. https://cdn.discordapp.com/attachments/370266023905198085/423607805199646720/Screen_Shot_2018-03-14_at_23.14.31.png

$NANO was super cheap last night, so was $NEO. They're both on their way up now. Hopefully they'll keep it up. I don't like Electroneum. I wouldn't buy it if it were free. 

Thank you for explaine. Why they made re-brading? Does theyhave smartcontracts as well like Ethereum? They planning to launch ICO on their platform?

I don't understand why he would think it's not his fault.  It was his exchange and his laughably poor code, if he isn't responsible for it then who is?  What an idiot, of course he is to blame.

When Polo was hacked years ago they pretty much said, whoops sorry guys we screwed up by writing crap code and running our site poorly.  They gave everyone back their money and increased security greatly.  After that there weren't any more issues.  That's how normal business is supposed to function.  This Bitgrail guy is an obvious clown.

Sorry for Polluting the NANO thread with this but I wanna vent some anger.

"- Bitgrail still sees themselves as not responsible for the theft and therefore they believe they have no obligation to refund stolen coins
- purely voluntarily to help affected customers, Bitgrail is going to create a cash fund to reimburse customers for stolen funds over time"

You gotta be Fing shitting me .. Not responsible .. there is VERY CLEAR EVIDENCE that they= HE is VERY MUCH RESPONCIBLE.

... they already said it on reddit ...

NO ONE IS GOING TO USE THAT SHIT EXCHANGE ANYMORE  These Tokens are completely worthless , I would like to get my 20% back And be part of the group that will eventually sue his ass for robbing us But if its a choice between one or the other there is no choice im going to sue his ass.

So he gets us to agree to "trade" 80% of our NANO for tokens that are worth NOTHING and then when their price drops from 10 usd to 0.00000000001 usd he will just buy them off and he will be free of his debt and we will have lost 80% of our money.